From 50f3e76de268165d570518def1ca98e07aa676f7 Mon Sep 17 00:00:00 2001 From: Daniil Antoshin Date: Thu, 24 Apr 2025 10:31:52 +0200 Subject: [PATCH 1/7] chore(core): build nftables Signed-off-by: Daniil Antoshin --- component_versions/version_map.yml | 1 + .../packages/binaries/nftables/werf.inc.yaml | 75 +++++++++++++++++++ images/virt-launcher/werf.inc.yaml | 7 ++ 3 files changed, 83 insertions(+) create mode 100644 images/packages/binaries/nftables/werf.inc.yaml diff --git a/component_versions/version_map.yml b/component_versions/version_map.yml index 6f3d55e67c..dbed94647d 100644 --- a/component_versions/version_map.yml +++ b/component_versions/version_map.yml @@ -6,3 +6,4 @@ package: swtpm: 0.10.0 xorriso: 1.5.6 numactl: 2.0.19 + nftables: 1.1.3 diff --git a/images/packages/binaries/nftables/werf.inc.yaml b/images/packages/binaries/nftables/werf.inc.yaml new file mode 100644 index 0000000000..d7c49194c3 --- /dev/null +++ b/images/packages/binaries/nftables/werf.inc.yaml 
@@ -0,0 +1,75 @@ +--- +image: {{ $.ImageType }}/{{ $.ImageName }} +final: false +fromImage: builder/scratch +import: +- image: {{ $.ImageType }}/{{ $.ImageName }}-builder + add: /out + to: /nftables + before: setup + +--- +{{- $version := get $.Package $.ImageName }} +{{- $gitRepoUrl := "nftables.git" }} + +{{- $name := print $.ImageName "-dependencies" -}} +{{- define "$name" -}} +packages: +- gcc +- git pkg-config trousers +- automake autoconf make makeinfo libtool +- flex bison asciidoc-a2x +- tree +{{- end -}} + +{{ $builderDependencies := include "$name" . | fromYaml }} + +image: {{ $.ImageType }}/{{ $.ImageName }}-builder +final: false +fromImage: builder/alt +secrets: +- id: SOURCE_REPO + value: {{ $.SOURCE_REPO_GIT }} +shell: + beforeInstall: + - | + apt-get update && apt-get install -y \ + {{ $builderDependencies.packages | join " " }} + + # libtpms libtpms-devel requares version 0.10 that in sisyphus repo + cat >/etc/apt/sources.list.d/alt-sisyphus.list< ~/.ssh/config + + git clone --depth=1 $(cat /run/secrets/SOURCE_REPO)/{{ $gitRepoUrl }} --branch v{{ $version }} /src + cd /src + + ./autogen.sh + + ./configure --prefix=/usr --libdir=/usr/lib64 --enable-python --with-python-bin=/usr/bin/python3 --with-json --with-cli=readline + + make -j$(nproc) + + make DESTDIR=$OUTDIR install + + strip $OUTDIR/usr/sbin/nft + + # We don't need man, test and samples files + rm -rf $OUTDIR/usr/include + rm -rf $OUTDIR/usr/share + rm -rf $OUTDIR/usr/lib64/pkgconfig + + tree $OUTDIR diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index 706e20bd91..42f53a264f 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -127,6 +127,7 @@ packages: - iptables - libffi8 - nftables + - numactl - openssl - passt - pcre @@ -252,6 +253,11 @@ import: to: /xorriso before: install +- image: packages/binaries/nftables + add: /nftables + to: /nftables + before: install + - image: tools/coreutils add: / to: /relocate 
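Review bot: In the new images/packages/binaries/nftables/werf.inc.yaml, the `git clone --depth=1 ... --branch v{{ $version }} /src` step selects the source by tag name only, and nothing checks what was fetched before `./autogen.sh` and `make` run it. A tag on the mirror can be moved, so the `nft` binary that is later imported into runtime images is not tied to a reviewed commit. Recording the expected commit next to the version and failing on mismatch would close this, e.g. `test "$(git -C /src rev-parse HEAD)" = "{{ $commit }}"`, where `$commit` is a placeholder for a value this series does not define. Separately, `rm -rf $OUTDIR/usr/include` and the two lines after it expand unquoted, and no assignment of `OUTDIR` is visible in this partly garbled hunk. Writing `rm -rf "${OUTDIR:?}/usr/include"` would make an empty value abort instead of deleting under `/usr`.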
@@ -316,6 +322,7 @@ shell: cp -a /xorriso/. / cp -a /swtpm/. / cp -a /numactl/. / + cp -a /nftables/. / echo "Show libs after relocation in /relocate/usr/lib64" ls -la /relocate/usr/lib64 From a72487e62539426327667b2f3248aaca9fadbc30 Mon Sep 17 00:00:00 2001 From: Daniil Antoshin Date: Thu, 24 Apr 2025 13:02:38 +0200 Subject: [PATCH 2/7] chore(core): build static Signed-off-by: Daniil Antoshin --- images/packages/binaries/nftables/werf.inc.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/images/packages/binaries/nftables/werf.inc.yaml b/images/packages/binaries/nftables/werf.inc.yaml index d7c49194c3..b06538474a 100644 --- a/images/packages/binaries/nftables/werf.inc.yaml +++ b/images/packages/binaries/nftables/werf.inc.yaml @@ -18,6 +18,7 @@ packages: - gcc - git pkg-config trousers - automake autoconf make makeinfo libtool +- musl-devel-static - flex bison asciidoc-a2x - tree {{- end -}} @@ -59,13 +60,18 @@ shell: ./autogen.sh - ./configure --prefix=/usr --libdir=/usr/lib64 --enable-python --with-python-bin=/usr/bin/python3 --with-json --with-cli=readline + ./configure \ + --prefix=/usr \ + --libdir=/usr/lib64 \ + --with-json \ + --with-cli=readline make -j$(nproc) make DESTDIR=$OUTDIR install strip $OUTDIR/usr/sbin/nft + ldd $OUTDIR/usr/sbin/nft # We don't need man, test and samples files rm -rf $OUTDIR/usr/include From 3e5cc37afcaeb1cb1a5c03a7dffe0ba21ac0ff62 Mon Sep 17 00:00:00 2001 From: Daniil Antoshin Date: Mon, 28 Apr 2025 11:14:54 +0200 Subject: [PATCH 3/7] fix Signed-off-by: Daniil Antoshin --- images/virt-launcher/werf.inc.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index 41071cbc56..39ad04b995 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -126,9 +126,6 @@ packages: - hwclock - iptables - libffi8 - - nftables - - numactl - - openssl - passt - pcre - procps 
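Review bot: In PATCH 2/7 ("build static"), the rewritten `./configure` call in images/packages/binaries/nftables/werf.inc.yaml has no static-link setting and nothing selects the musl toolchain. The added `musl-devel-static` package therefore looks unused and `nft` is presumably still linked dynamically; PATCH 6/7 adding `libnftnl` and `libjansson4` to virt-handler points the same way. The added `ldd $OUTDIR/usr/sbin/nft` only prints, so the build never checks that the libraries linked in the builder match what the runtime image installs. Either drop the static pieces and record the dependency with a comment such as `# nft is dynamically linked; runtime images must install libnftnl and libjansson4`, or enforce the intent with `if ldd "$OUTDIR/usr/sbin/nft"; then echo "nft is not static" >&2; exit 1; fi`. The surrounding shell block starts and ends outside the hunk.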
@@ -152,6 +149,8 @@ binaries: - /usr/bin/memhog /usr/bin/migratepages /usr/bin/migspeed /usr/bin/numactl /usr/bin/numastat # Hwclock - /usr/sbin/hwclock + # Nftables + - /usr/sbin/nft {{- end -}} {{ $virtLauncherDependencies := include "virt-launcher-dependencies" . | fromYaml }} From dd7bf32a38a6b12e2c349cfac02e596b2f295b47 Mon Sep 17 00:00:00 2001 From: Daniil Antoshin Date: Mon, 28 Apr 2025 11:35:02 +0200 Subject: [PATCH 4/7] add for virt-handler Signed-off-by: Daniil Antoshin --- images/virt-handler/werf.inc.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/images/virt-handler/werf.inc.yaml b/images/virt-handler/werf.inc.yaml index 0c1496eac1..f95affd524 100644 --- a/images/virt-handler/werf.inc.yaml +++ b/images/virt-handler/werf.inc.yaml @@ -52,7 +52,6 @@ imageSpec: {{- define "$name" -}} packages: - acl -- nftables binaries: - /usr/bin/mount - /usr/bin/umount @@ -76,6 +75,10 @@ import: add: /xorriso to: /xorriso before: install +- image: packages/binaries/nftables + add: /nftables + to: /nftables + before: install - image: qemu add: /qemu-img to: /relocate @@ -88,6 +91,7 @@ shell: - apt-get clean - rm --recursive --force /var/lib/apt/lists/ftp.altlinux.org* /var/cache/apt/*.bin - cp -a /xorriso/. / + - cp -a /nftables/. / setup: - | /relocate_binaries.sh -i "{{ $virtHandlerDependencies.binaries | join " " }}" -o /relocate From 76d37f85f9ccaa68692b37b0abb5c417fef1cdff Mon Sep 17 00:00:00 2001 From: Daniil Antoshin Date: Mon, 28 Apr 2025 13:02:00 +0200 Subject: [PATCH 5/7] remove unused Signed-off-by: Daniil Antoshin --- images/virt-launcher/werf.inc.yaml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index 39ad04b995..9cc0d73e2c 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml 
@@ -149,8 +149,6 @@ binaries: - /usr/bin/memhog /usr/bin/migratepages /usr/bin/migspeed /usr/bin/numactl /usr/bin/numastat # Hwclock - /usr/sbin/hwclock - # Nftables - - /usr/sbin/nft {{- end -}} {{ $virtLauncherDependencies := include "virt-launcher-dependencies" . | fromYaml }} @@ -244,17 +242,11 @@ import: to: /numactl before: install - - image: packages/binaries/xorriso add: /xorriso to: /xorriso before: install -- image: packages/binaries/nftables - add: /nftables - to: /nftables - before: install - # Statically builded - image: packages/binaries/openssl add: /openssl @@ -328,7 +320,6 @@ shell: cp -a /xorriso/. / cp -a /swtpm/. / cp -a /numactl/. / - cp -a /nftables/. / echo "Show libs after relocation in /relocate/usr/lib64" ls -la /relocate/usr/lib64 From 4fa5c399b666a2cd53b24e6dd5d20973be12de2d Mon Sep 17 00:00:00 2001 From: Daniil Antoshin Date: Tue, 29 Apr 2025 12:56:20 +0200 Subject: [PATCH 6/7] fix bundle Signed-off-by: Daniil Antoshin --- images/virt-handler/werf.inc.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/images/virt-handler/werf.inc.yaml b/images/virt-handler/werf.inc.yaml index f95affd524..5db20852a7 100644 --- a/images/virt-handler/werf.inc.yaml +++ b/images/virt-handler/werf.inc.yaml @@ -52,6 +52,8 @@ imageSpec: {{- define "$name" -}} packages: - acl +- libnftnl +- libjansson4 binaries: - /usr/bin/mount - /usr/bin/umount From 7cac9efe79d31cfec34e95262f510e17b4e40376 Mon Sep 17 00:00:00 2001 From: Daniil Antoshin Date: Tue, 29 Apr 2025 15:26:52 +0200 Subject: [PATCH 7/7] Update werf.inc.yaml Signed-off-by: Daniil Antoshin --- images/packages/binaries/nftables/werf.inc.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/images/packages/binaries/nftables/werf.inc.yaml b/images/packages/binaries/nftables/werf.inc.yaml index b06538474a..d1858d04ca 100644 --- a/images/packages/binaries/nftables/werf.inc.yaml +++ b/images/packages/binaries/nftables/werf.inc.yaml 
@@ -20,7 +20,6 @@ packages: - automake autoconf make makeinfo libtool - musl-devel-static - flex bison asciidoc-a2x -- tree {{- end -}} {{ $builderDependencies := include "$name" . | fromYaml }} @@ -37,7 +36,6 @@ shell: apt-get update && apt-get install -y \ {{ $builderDependencies.packages | join " " }} - # libtpms libtpms-devel requares version 0.10 that in sisyphus repo cat >/etc/apt/sources.list.d/alt-sisyphus.list<